
Nim Payload Generation


Nimalathatep

Nimalathatep is a Nim shellcode payload generation project that aims to get a stealthy binary into your hands quickly. All methods use well-known API-call sequences.

Evasion

AV/EDR avoidance is performed through AES encryption followed by Base64, with the payload itself only being decrypted at runtime. The IV is currently static, but I aim to change this in the future. Compiling to a control panel item is your stealthiest approach for now.
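A defender-side triage sketch for the pattern described above (a Base64 string that decodes to ciphertext), added here as an example and not part of Nimalathatep. The 1024-character minimum run, the 7.0 bits/byte entropy threshold and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Long runs of the Base64 alphabet; the 1024-char minimum is an assumed threshold.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{1024,}={0,2}")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or random data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_encrypted_blobs(image: bytes, min_entropy: float = 7.0):
    """Return (offset, decoded_len, entropy) for Base64 runs decoding to high-entropy bytes."""
    hits = []
    for m in B64_RUN.finditer(image):
        body = m.group().rstrip(b"=")
        if len(body) % 4 == 1:      # a lone trailing character is not valid Base64
            body = body[:-1]
        decoded = base64.b64decode(body + b"=" * (-len(body) % 4))
        h = shannon_entropy(decoded)
        if h >= min_entropy:        # text and structured data score well below this
            hits.append((m.start(), len(decoded), round(h, 2)))
    return hits

def constructed_sample() -> bytes:
    """Constructed test image: stub header, Base64 text, Base64 ciphertext-like data."""
    text = b"The quick brown fox jumps over the lazy dog. " * 100
    # SHA-256 output stands in for ciphertext so the sample is deterministic.
    cipher_like = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return (b"MZ\x90\x00" + b"\x00" * 60 + base64.b64encode(text) + b"\x00"
            + base64.b64encode(cipher_like) + b"\x00" * 16)

if __name__ == "__main__":
    for offset, size, h in find_encrypted_blobs(constructed_sample()):
        print(f"offset={offset} decoded_bytes={size} entropy={h}")
```

A hit is a lead for further analysis, not a verdict: compressed or otherwise packed data embedded as Base64 scores just as high.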

Compilation

Ensure you have Nim downloaded from here: https://nim-lang.org/install.html

Install winim, nimcrypto, ptr_math, and sysrandom prior to compiling with the following commands:

nimble install winim
nimble install nimcrypto
nimble install ptr_math
nimble install sysrandom

To compile:

nim -d:release c .\nimalathatep.nim

Usage

Run the executable and give it the desired API method, shellcode file, and output file type:

.\nimalathatep.exe <apiMethod> <binFile> <outfiletype>

Defender Check

[Screenshot: Defender check]

Changes

-Added support for all API calls to be used as an XLL
-Added random key for encryption
-Formatting fixes
-Added new API method (EnumCalendarInfo)

To Do

-Generation option to directly place the file into a PDF as an attachment
-Custom unhook stuff
-Add option to pack payload into iso or 7zip

Credits

Some code bits from:
https://github.com/byt3bl33d3r/OffensiveNim
https://www.ired.team/
https://github.com/bigb0sss/Bankai <--Initial inspiration

Disclaimer

Only use this for purposes involving systems that you have been given permission to access and alter. I am not responsible if you do illegal stuff.

Open Source Agenda is not affiliated with "Nimalathatep" Project. README Source: S3lrius/Nimalathatep
